March 14th, 2004, 08:38 PM
|
#1 (permalink)
| | Ultimate Member
Join Date: Oct 2001 Location: Dahlonega Ga
Posts: 8,105
| OLJZA5ZE3C.Exe Virus/Worm Help Needed
Got a customer unit with a self replicating .exe in the startup menu.
The location of the .exe is bogus, listed as C:Windows\OLJZA5ZE3C.Exe
The Name listed in MSCONFIG is random numbers and letters 7-10 digits long.
It's listed over a hundred times; going into SAFE Mode doesn't help.
Taking any action in Windows normal is out of the question with the system at 100% CPU usage from the rascal.
Running a Norton Corporate floppy which scanned in DOS for 4 hrs & 11 Minutes gave no joy, "No Viruses" found.
Besides Format C:, any ideas?
TIA
Doc |
| |
March 15th, 2004, 11:13 AM
|
#2 (permalink)
| | Ultimate Member
Join Date: Oct 2001 Location: Dahlonega Ga
Posts: 8,105
| |
| |
March 15th, 2004, 11:25 AM
|
#3 (permalink)
| | Member
Join Date: Oct 2001 Location: Tulsa, OK. *USA*
Posts: 462
|
I may be showing my ignorance here, I’m no experienced virus hunter, but could you slave the unit to an isolated machine, boot to your primary and attack it from that point?
My theory being that the virus replicates itself in the active operating system when booted; if that drive is not booted to, then the virus doesn’t spread. Then maybe you could pick out and destroy the various iterations of the virus, or perhaps use a more robust anti-viral program than was on your diskette. Just some random thoughts on the subject.
Regards,
Zotz Mein |
| |
March 15th, 2004, 12:30 PM
|
#4 (permalink)
| | Banned
Join Date: Dec 2002 Location: Garland, Texas USA
Posts: 1,785
|
Does this virus close your virus window while booted into Windows? I (well, a customer) had a virus similarly named, and every time I loaded Trend Micro's HouseCall it closed it. It even removed Norton. It was weird. I suspected the kid downloaded loads of stuff on it. I tried everything, but ended up reloading the whole system as a last resort. There is a fix now, but I don't know where. |
| |
March 15th, 2004, 12:56 PM
|
#5 (permalink)
| | Supporting our military
Join Date: Oct 2002 Location: Bottom left of U.S.
Posts: 9,194
| The Cleaner perhaps?
For trojans but it got rid of things Norton couldn't for me.
Bill |
| |
March 15th, 2004, 12:59 PM
|
#6 (permalink)
| | Ultimate Member
Join Date: Aug 2003 Location: Gateshead U.K.
Posts: 8,838
|
Try using a Linux live CD such as Knoppix; the virus won't start when you boot into Linux. Also, empty out the windows/temp/ folder, as it is a favourite place for viruses to sit whilst disguised as .tmp files.
__________________
No man's life, liberty, or property are safe while the legislature is in session. --Mark Twain (1866)
|
| |
March 15th, 2004, 01:37 PM
|
#7 (permalink)
| | Ultimate Member
Join Date: Oct 2001 Location: Dahlonega Ga
Posts: 8,105
|
I got the MSCONFIG option of "Load Devices interactively" or whatever it's called and can get into Winderz.
Will try the cleaner.
Thanks for the suggestions, will update progress.
Doc |
| |
March 16th, 2004, 10:32 AM
|
#8 (permalink)
| | Ultimate Member
Join Date: Oct 2001 Location: Dahlonega Ga
Posts: 8,105
|
The Cleaner would not run, two attempts to load, run, uninstall, defrag, reload still gave run failures.
I've now formatted the unit and am reloading all.
Thanks for the attempts.
Doc |
| | |